How does Audit Trail plugin work?

Article ID:115002208612
2 minute readKnowledge base


  • After installing the Audit Trail plugin, an "operation X" is not being showed on logs.


  • CloudBees Jenkins Enterprise - Managed controller (CJEMM)

  • CloudBees Jenkins Enterprise - Operation Center (CJEMM)

  • Jenkins LTS

  • Audit Trail Plugin


Firstly, Audit Trail plugin needs to be configured in Manage Jenkins > Configure System > Audit Trail section and one Logger type needs to be added at least.

Having done that, Audit Trail plugin keeps audit trail of those particular Jenkins operations which their particular request matches with one of the following patterns. At the moment of writing this articles the patterns are:

  • configSubmit

  • doDelete

  • postBuildResult

  • enable

  • disable

  • cancelQueue

  • stop

  • toggleLogKeep

  • doWipeOutWorkspace

  • createItem

  • createView

  • toggleOffline

  • cancelQuietDown

  • quietDown

  • restart

  • exit

  • safeExit

Other patterns not set in the plugin default configuration could be of interest, such as updateSubmit to display credential related changes in the audit logs.

Also, it receives notifications about builds thanks to AuditTrailRunListener extends RunListener.

Examples of Jenkins operation being audited

  • Run a build from testJob by testUser

yyyy-MM-dd HH:mm:ss:SSS - job/testJob/ #<BUILD_NUMBER> Started by user
  • Creating a new job (testUser) or editing an existing one (testUser) have the same output

yyyy-MM-dd HH:mm:ss:SSS - /job/testJob/configSubmit by testUser
  • Updating the email of the logged user

yyyy-MM-dd HH:mm:ss:SSS - /me/configSubmit by testUser
yyyy-MM-dd HH:mm:ss:SSS - /configSubmit by admin

Examples of Jenkins operation NOT being audited

  • Creating new users (sign up) in Jenkins owns Database see JENKINS-27028

Adding an operation

Audit trail plugin allows to specify custom patterns to log. You can find the pattern to log by looking which endpoint Jenkins is making a POST to when you do an operation.

As an example, when you uninstall a plugin, Jenkins is making a POST request to doUninstall so you can simply add this pattern to the Url Patterns to Log in advanced section of the Audit Trail configuration. Once done, uninstalling a plugin will display:

May 20, 2019 10:32:28,608 AM /pluginManager/plugin/<plugin_name>/doUninstall by admin

In case you have trouble finding the endpoint to log, please contact CloudBees Support for help.